K8S
K8S部署
先创建一个debian模板
选择iso
快速安装一下即可:
安装完成克隆成模板:
Master节点
直接克隆一个就可以
克隆两个本地node
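# Point apt at the USTC mirror. Package integrity still rests on apt's
# signature check of the repository metadata, not on the mirror host.
sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources
sed -i 's|security.debian.org/debian-security|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list
# Single quotes keep $PATH and $HOME unexpanded in ~/.bashrc, so each new shell
# extends its own PATH instead of being reset to a snapshot taken right now.
# $HOME also resolves correctly for root, whose home is not under /home.
echo 'export PATH="$PATH:/usr/sbin:$HOME/.local/bin"' >> ~/.bashrc
source ~/.bashrc
apt install ufw
apt install sudo vim wget curl -y
sudo hostnamectl set-hostname dayi-cloud-k8s-master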
这里HOSTS用了tailscale 来进行相互访问
# Pipes a remote script straight into a shell: whatever the server returns runs
# at once with this user's privileges. Saving it to a file and reading it before
# running it allows a review and leaves a record of what was executed.
curl -fsSL https://tailscale.com/install.sh | sh
这样就配好hosts了
dayi-cloud-k8s-master
dayi-cloud-k8s-node1
dayi-cloud-k8s-node2
Master
# Control-plane firewall rules. As written, each rule accepts the port from any
# source; scoping it to the node network, e.g.
#   ufw allow from <NODE_CIDR> to any port 6443 proto tcp
# keeps etcd and the kubelet off untrusted networks. The rules only take effect
# once ufw is enabled, and no `ufw enable` appears in the steps shown.
# 6443: kube-apiserver
sudo ufw allow 6443/tcp
# 2379-2380: etcd client and peer traffic
sudo ufw allow 2379/tcp
sudo ufw allow 2380/tcp
# 10250: kubelet API
sudo ufw allow 10250/tcp
# 10251/10252: legacy kube-scheduler / kube-controller-manager ports; recent
# releases serve on 10259 and 10257 instead.
sudo ufw allow 10251/tcp
sudo ufw allow 10252/tcp
# 10255: kubelet read-only port, which answers without authentication; it is
# usually better left closed.
sudo ufw allow 10255/tcp
sudo ufw reload
# Load the overlay and br_netfilter modules at every boot.
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
# Load them now as well, without waiting for a reboot.
sudo modprobe overlay
sudo modprobe br_netfilter
# Pass bridged traffic through iptables/ip6tables and enable IPv4 forwarding.
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Re-read all sysctl configuration files so the new values apply immediately.
sudo sysctl --system
Other
# Worker-node firewall rules. 10250 is the kubelet API; 30000-32767 is the
# default NodePort range. Opening the whole range to any source exposes every
# NodePort service that is ever created; restrict the source where possible:
#   ufw allow from <CLIENT_CIDR> to any port 30000:32767 proto tcp
sudo ufw allow 10250/tcp
sudo ufw allow 30000:32767/tcp
sudo ufw reload
# Load the overlay and br_netfilter modules at every boot.
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
# Load them now as well, without waiting for a reboot.
sudo modprobe overlay
sudo modprobe br_netfilter
# Pass bridged traffic through iptables/ip6tables and enable IPv4 forwarding.
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Re-read all sysctl configuration files so the new values apply immediately.
sudo sysctl --system
SSH-密钥复制
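# Authorise the master's public key for SSH logins to this account.
# -p tolerates an existing ~/.ssh. The modes are set explicitly because sshd's
# StrictModes check (on by default) ignores authorized_keys when the directory
# or file is writable by anyone but the owner.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "ssh-rsa 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 root@dayi-cloud-k8s-maste" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys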
安装containerd
apt install containerd
# Write containerd's built-in default configuration as the starting point.
containerd config default | sudo tee /etc/containerd/config.toml >/dev/null 2>&1
# Manual edit; the page does not show what is changed (for kubeadm setups this
# is commonly SystemdCgroup = true - confirm).
sudo vi /etc/containerd/config.toml
# Push the edited file to both workers. Writing under /etc on the target needs
# a remote account that is allowed to do so.
scp /etc/containerd/config.toml dayi-cloud-k8s-node1:/etc/containerd/config.toml
scp /etc/containerd/config.toml dayi-cloud-k8s-node2:/etc/containerd/config.toml
# Restarts containerd on this machine only; the workers presumably need the
# same restart after receiving the file.
sudo systemctl restart containerd
sudo systemctl enable containerd
安装K8S仓库
# Add the Kubernetes apt repository.
# NOTE(review): upstream retired apt.kubernetes.io / packages.cloud.google.com
# in favour of pkgs.k8s.io, so these lines may no longer resolve. Points to
# carry over to whichever repository is used:
#  - fetch the key with `curl -f` so an HTTP error page is never fed to gpg;
#  - store the key in a keyring referenced by the source entry's signed-by=
#    option rather than in trusted.gpg.d, where it is trusted for every repo;
#  - use an https:// source line instead of http://.
sudo apt install gnupg gnupg2 curl software-properties-common -y
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/cgoogle.gpg
apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
安装K8S
# Install the node components; no version is pinned, so apt picks whatever the
# repository currently offers.
apt update
apt install kubelet kubeadm kubectl -y
# Hold the packages so routine upgrades cannot change cluster component
# versions behind kubeadm's back.
apt-mark hold kubelet kubeadm kubectl
初始化集群:
# Initialise the control plane.
# --image-repository pulls the control-plane images from a third-party mirror
# namespace instead of the upstream registry, so that mirror is trusted for
# everything the control plane runs.
# NOTE(review): the pod CIDR here is 10.234.0.0/16, while the other sections of
# this page use 10.244.0.0/16 (Flannel's stock default) - confirm which is
# intended; the CNI configuration has to match it.
kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.234.0.0/16 --control-plane-endpoint=dayi-cloud-k8s-master --v=5
虚拟化K8S安装
# Set the hostname (presumably one line per machine: m1 on the master,
# node1 and node2 on the workers)
hostnamectl set-hostname m1
hostnamectl set-hostname node1
hostnamectl set-hostname node2
、
===== 192.168.0.202 node2
# Copy /etc/hosts to node1 and node2 with scp. This overwrites the file on the
# target and relies on root SSH login being allowed there.
scp /etc/hosts root@192.168.0.201:/etc/hosts
scp /etc/hosts root@192.168.0.202:/etc/hosts
# Disable swap and set kernel parameters
swapoff -a
# Comments out every fstab line containing "swap" so it stays off after reboot.
sed -i 's/.*swap.*/#&/' /etc/fstab
# NOTE(review): the bridge-nf keys exist only while br_netfilter is loaded, and
# nothing in this part loads it or runs `sysctl -p` - confirm they take effect.
echo -e 'net.bridge.bridge-nf-call-iptables = 1 \nnet.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
# Install basic packages
yum -y install wget ntpdate
# Configure time synchronisation
ntpdate ntp1.aliyun.com
crontab -e
# Add the following entry (runs ntpdate every minute)
*/1 * * * * /usr/sbin/ntpdate ntp1.aliyun.com
systemctl restart crond.service
reboot
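# Configure the yum repositories and fetch the Kubernetes and Docker repo files
cd /etc/yum.repos.d
# Removes the stock CentOS repo definitions in this directory.
rm -f CentOS-*
# A .repo file decides where packages and signing keys come from, so fetch it
# over HTTPS; the same mirror host is already used with https below.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -P /etc/yum.repos.d/ https://mirrors.aliyun.com/repo/epel-7.repo
vi /etc/yum.repos.d/kubernetes.repo
# Add the kubernetes repository definition
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# --import is a long option and needs two dashes; with one dash rpm does not
# treat it as the key-import mode.
rpm --import rpm-package-key.gpg
# Still inside /etc/yum.repos.d, so the file lands where yum reads it.
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum clean all
yum makecache fast
cd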
# Install docker-ce and start the service
yum -y install docker-ce
systemctl start docker
systemctl enable docker
# Configure a Docker registry mirror
# NOTE(review): the mirror host looks like a per-account accelerator address -
# substitute your own. Every image pull is routed through whatever is listed
# here, so it should be a mirror you trust.
vi /etc/docker/daemon.json
# Add the following content
{
"registry-mirrors": ["https://x3nqjrcg.mirror.aliyuncs.com"]
}
# Downgrade Docker to 20.10
yum downgrade --setopt=obsoletes=0 -y docker-ce-20.10.24 docker-ce-selinux-20.10.24 containerd.io
# Change the Docker cgroup driver to systemd
vi /etc/docker/daemon.json
# Add the following content
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://x3nqjrcg.mirror.aliyuncs.com"]
}
# Restart the docker service
systemctl daemon-reload
systemctl restart docker
# Install kubeadm, kubectl and kubelet
# Kubernetes 1.23 no longer receives upstream security fixes; the pin suits a
# lab that must match this guide, not a cluster meant to stay in service.
yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17
systemctl start kubelet
systemctl enable kubelet
# Download the Kubernetes images
kubeadm config images list --kubernetes-version v1.23.17
# Images come from a third-party mirror namespace rather than the upstream registry.
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers
# Initialise the Kubernetes cluster
# NOTE(review): the advertise address is on 192.168.8.x while the hosts copied
# earlier are on 192.168.0.x - use this machine's own address.
kubeadm init \
--kubernetes-version=v1.23.17 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=192.168.8.10 \
--image-repository=registry.aliyuncs.com/google_containers
# Set up kubectl access for the current user. admin.conf holds cluster-admin
# credentials, so the copy should stay readable by its owner only.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Install the Flannel network
# `latest` is a moving target: the manifest applied today may differ from the
# one applied tomorrow. Pinning a release tag and reading the file before
# `kubectl apply` makes the install reproducible and reviewable.
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
kubectl apply -f kube-flannel.yml
# Join the nodes to the cluster ([token] and [hash] are placeholders for the
# values printed at the end of kubeadm init)
kubeadm join 192.168.8.10:6443 --token [token] --discovery-token-ca-cert-hash [hash]
# Check the cluster status
kubectl get nodes
Debian安装
K8S2
哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈
换CENTOS
换大牛
Rancher
真男人直接下载:
修改主机名:
# Create an ECDSA P-256 key pair and install its public half on both workers,
# presumably so the scp steps further down can log in without a password.
# ssh-keygen prompts for a passphrase; leaving it empty means the private key
# file alone grants access to the workers.
ssh-keygen -t ecdsa -b 256
ssh-copy-id node1
ssh-copy-id node2
复制密钥:
# Installs the local public key in node2's authorized_keys (the same command
# already appears in the key-generation step).
ssh-copy-id node2
复制hosts
# Overwrite /etc/hosts on both workers with the master's copy; relies on root
# SSH login being allowed on the workers.
scp /etc/hosts root@node1:/etc/hosts
scp /etc/hosts root@node2:/etc/hosts
修改内核配置
/etc/sysctl.conf
vi:
# Append the two bridge-netfilter settings to /etc/sysctl.conf. `>>` appends, so
# running this twice leaves duplicate lines in the file.
echo -e 'net.bridge.bridge-nf-call-iptables = 1 \nnet.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
开启模块
# Load br_netfilter now; the ls confirms that /proc/sys/net/bridge/ appeared.
modprobe br_netfilter
ls /proc/sys/net/bridge/
# Have the module loaded at every boot.
echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
# Apply the settings from /etc/sysctl.conf.
sysctl -p
发送到从节点:
# Replace /etc/sysctl.conf on both workers with the master's copy; any
# node-specific settings already in the target file are lost.
scp /etc/sysctl.conf root@node1:/etc/sysctl.conf
scp /etc/sysctl.conf root@node2:/etc/sysctl.conf
# Run on the worker nodes:
modprobe br_netfilter
ls /proc/sys/net/bridge/
echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
sysctl -p
防火墙 SELINUX:
# Turns the host firewall off and disables SELinux on this node. Both are host
# hardening layers. The less drastic route is to keep firewalld and open only
# the Kubernetes ports, and to set SELinux to permissive rather than disabled
# (the upstream kubeadm install guide uses permissive).
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
# Switches SELinux to permissive for the running system only.
setenforce 0
vi /etc/selinux/config
# Edit: set SELINUX=disabled
reboot
发送到从节点
# Push the edited SELinux config to both workers. The file is read at boot, so
# the change presumably takes effect there only after a reboot.
scp /etc/selinux/config root@node1:/etc/selinux/config
scp /etc/selinux/config root@node2:/etc/selinux/config
查看SELINUX状态
# Shows the current SELinux state, to confirm the config edit took effect.
sestatus
NTP时间同步
# Install ntpdate and add a cron entry that re-syncs the clock every minute.
# Certificate validation between cluster components depends on node clocks
# agreeing.
yum -y install wget ntpdate
crontab -e
*/1 * * * * /usr/sbin/ntpdate ntp1.aliyun.com
systemctl restart crond.service
添加源
# Repo definition to paste into the file. gpgcheck and repo_gpgcheck make yum
# verify package and metadata signatures against the listed keys.
# NOTE(review): the packages.cloud.google.com Kubernetes repositories were
# retired upstream in favour of pkgs.k8s.io - confirm this baseurl still resolves.
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
安装
# Pin Docker to 20.10.24 and the Kubernetes tools to 1.23.17.
# Kubernetes 1.23 no longer receives upstream security fixes; the pin suits a
# lab that must match this guide, not a cluster meant to stay in service.
yum downgrade --setopt=obsoletes=0 -y docker-ce-20.10.24 docker-ce-selinux-20.10.24 containerd.io
yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17
systemctl start kubelet
systemctl enable kubelet
systemctl status kubelet
# List the control-plane images this version needs.
kubeadm config images list --kubernetes-version v1.23.17
初始化
# Set the existing containerd config aside (kept as a backup under /root) so
# that containerd restarts on its built-in defaults.
mv /etc/containerd/config.toml /root/config.toml.bak
systemctl restart containerd
/etc/kubernetes/manifests/kube-scheduler.yaml
# Delete the static pod manifests of the control-plane components and etcd,
# presumably left over from an earlier init attempt. `kubeadm reset` is the
# supported way to undo a previous init and removes these as part of it.
rm -rf /etc/kubernetes/manifests/kube-apiserver.yaml
rm -rf /etc/kubernetes/manifests/kube-controller-manager.yaml
rm -rf /etc/kubernetes/manifests/kube-scheduler.yaml
rm -rf /etc/kubernetes/manifests/etcd.yaml
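# Initialise the control plane with verbose logging.
# Every option line except the last needs a trailing backslash: without one
# after --image-repository the shell ends the command there and then tries to
# run "--v=5" as a command of its own.
# --image-repository pulls the control-plane images from a third-party mirror
# namespace instead of the upstream registry.
kubeadm init \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=192.168.59.137 \
--image-repository=registry.aliyuncs.com/google_containers \
--v=5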
# NOTE(review): these deletions sit between `kubeadm init` and the kubeconfig
# copy below, yet admin.conf is exactly what the copy needs. They look like
# cleanup before re-running a failed init - confirm the order. `kubeadm reset`
# is the supported way to undo a previous init. scheduler.conf is listed twice.
rm -f /etc/kubernetes/controller-manager.conf
rm -f /etc/kubernetes/scheduler.conf
rm -f /etc/kubernetes/scheduler.conf
rm -f /etc/kubernetes/admin.conf
rm -f /etc/kubernetes/kubelet.conf
# Set up kubectl access for the current user. admin.conf holds cluster-admin
# credentials, so the copy should stay readable by its owner only.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Run on each worker. The --token value is a bootstrap credential: while it is
# valid, it is enough to register a node with this cluster, so real tokens are
# handled like passwords and kept out of shared notes. kubeadm tokens expire
# (24 hours by default); `kubeadm token create --print-join-command` on the
# control plane prints a fresh join line. The CA cert hash pins the cluster
# CA's public key and is not secret.
kubeadm join 192.168.59.137:6443 --token y8m7u7.3ur44mc2ezb87fmq \
--discovery-token-ca-cert-hash sha256:cb9d1bfa0c3adaabd9a34cd072e1d27c13c9cf9e6e3ef4a0c810b84d6fdf4c9f
节点:
节点:
状态: